DOJ Says Cardiologist Created, Distributed Ransomware

Heart doctor and self-taught cybercriminal created and distributed ransomware.

According to the U.S. Department of Justice (DOJ), 55-year-old cardiologist Dr. Moises Luis Zagala Gonzalez MD, of New York, has been charged with creating and distributing ransomware equipped with a “doomsday clock” and sharing in profits from attacks.  Zagala also goes by the names “Nosophoros,” “Aesculapius,” and “Nebuchadnezzar.”  He is a citizen of France and Venezuela and currently lives in Ciudad Bolivar, Venezuela.

U.S. authorities have alleged that in 2019 the cardiologist began marketing a new online tool he created, a “Private Ransomware Builder” named “Thanos.”  He likely named the ransomware after the fictional character Thanos, who is responsible for destroying half of all life in the universe, as well as “Thanatos” from Greek mythology, who is associated with death.  Users of the illicit software can access “Recovery Information,” which allows them to build a customized ransom note, distribute it to victims and set up an account to receive Bitcoin payments.  They can also use the “data stealer” which allows them to steal certain files from victims once a computer is infected, or an “anti-VM” option to defeat security protocols. The software also allows users to create their own versions for personal use or to rent to other cybercriminals.

DOJ Says Cardiologist Created, Distributed Ransomware
Photo by Tima Miroshnichenko from Pexels

Moreover, Zagala created a ransomware tool, called “Jigsaw v. 2,” which included a doomsday counter which kept track of how many times a victim tried to remove the ransomware from a PC.   “If the user kills the ransomware too many times, then it’s clear he won’t pay so better erase the whole hard drive,” Zagala wrote to his customers.  The program comes with a self-delete option to do just this.  The name “Jigsaw” may refer to the mastermind behind the sadistic games in the Saw movies.

Breon Peace, U.S. attorney for the Eastern District of New York, said, “As alleged, the multi-tasking doctor treated patients, created and named his cyber tool after death, profited from a global ransomware ecosystem in which he sold the tools for…